Ignore the downvotes. That’s a fair question to ask, but one that does have answers. Signal is FOSS, has E2EE and was audited several times, so we know that
- it did not contain any backdoors at the time of the audit
- it will not for the foreseeable future (they’d be visible in the client code)
- I need not trust the server code since messages are E2EE
Thus, while mistakes do happen and can open up severe vulnerabilities, cf. Heartbleed, there’s reason to assume that Signal is relatively secure. Signal’s centralisation of server infrastructure is a valid concern, but not for security, but rather for
- privacy (they might capture metadata, although it appears they don’t; nation-state actors trying to subpoena user data have so far only gotten “date of registration” and “last online”, which appears to be all they’re storing; that’s as close to “zero knowledge” as you get)
- availability (as the recent AWS outage has shown, which took out Signal as well)







Great, I’ll probably do just that this summer. Thanks for the info!